Comments on SecuritySynapse: Splunk and McAfee ePO Integration – Part II
Feed author: Tony Lee (http://www.blogger.com/profile/04935721260910647091)
Feed last updated: 2024-03-20T03:15:18.893-07:00

Anonymous, 2017-01-02T02:21:34.376-08:00:
I'm working on a Splunk custom add to put tags on ePO from a result set of a Splunk query. For example, to mark computers with a high degree of antivirus detections.

Tony Lee (https://www.blogger.com/profile/04935721260910647091), 2017-01-02T08:56:35.999-08:00:
You could certainly use this work as a starting point. Just view the source of the ePO connector page in the app and you will see how the Python script is called and with what parameters. Then you can create a scheduled search that calls the Python script with whatever tag you want to set.
Let us know how it works.

apezuela (https://www.blogger.com/profile/06421904919416541513), 2017-01-03T02:44:14.688-08:00:
I am testing it. If you want it, tell me and I will share it. For example, we have a search to look for workstations with a high degree of malware (because they are downloading software from bad places); with this search and the custom command, we will add a tag to those computers (for example "bad boys") and then ePO will apply different AV policies.

Tony Lee (https://www.blogger.com/profile/04935721260910647091), 2017-01-03T07:26:48.701-08:00:
Nice. I would be curious to see the search. Are you doing something like a top limit=10? Fitting tag name. Ha.

apezuela (https://www.blogger.com/profile/06421904919416541513), 2017-01-05T07:21:42.841-08:00:
I uploaded it at GitHub. You can check at:
https://github.com/apezuela/my_splunk_sec_app/tree/test/bin

Tony Lee (https://www.blogger.com/profile/04935721260910647091), 2017-01-05T08:17:40.554-08:00:
Thanks for sharing Antonio! Will check it out.